US2018176197A1PendingUtilityA1

Dynamic Data Protection System

37
Assignee: BANK OF AMERICAPriority: Dec 15, 2016Filed: Dec 15, 2016Published: Jun 21, 2018
Est. expiryDec 15, 2036(~10.4 yrs left)· nominal 20-yr term from priority
H04L 63/061H04L 63/1408H04L 63/0853H04L 63/10H04L 63/0807H04L 63/0861
37
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A dynamic data protection system may include a data management server includes a processor and a non-transitory memory device storing instructions that cause the data management server to receive, via a network connection from a user device, a request for access to data stored on an organization's network. The data management server may then communicate user authentication information associated with the received request. The security management server may process user authentication information to determine whether an authentication code associated with the user is valid and associated with the requested data. Upon validation of the user authentication information by the security management server, provide access to data via a secured data container of a data envelope corresponding to the data, wherein the data container corresponds to the validated user authentication information. When a data compromise event occurs, the secure data envelope may prevent unauthorized access to the data.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A data management server comprising:
 a processor; and   a non-transitory memory device storing instructions that, when executed by the processor, cause the data management server to:
 receive, via a network connection from a user device associated with a user, a request for access to data stored on an organization's network, the request comprising user authentication information; 
 upon validation of the user authentication information by a security management server, provide access to data via a secured data container of an electronic data envelope corresponding to the data, wherein the data container corresponds to the validated user authentication information; 
 monitor, via a network connection, information associated with the user posted on one or more publically accessible information sources for an indication of improper use of secured information associated with the data stored on the organization's network; and 
 initiate, in response to the indication of improper use, a system data access lockdown process. 
   
     
     
         2 . The data management server of  claim 1 , wherein the user device is located remotely from the organization's network. 
     
     
         3 . The data management server of  claim 1 , wherein the instructions, when executed by the processor, cause the data management server to:
 receive, from a sensor associated with the user device, a signal corresponding to a physical status of the user;   analyze the signal to determine a current physical status of the user; and   upon determining that the current physical status of the user corresponds to an indication of duress, initiate a system data access lockdown process.   
     
     
         4 . The data management server of  claim 1 , wherein the instructions, when executed by the processor, cause the data management server to:
 identify, from the received request for access to data stored on the organization's network, whether or not the request is a first request to access the data;   receive, from the security management server upon validation of the first request, an authorization key to data corresponding to a lowest access level tier; and   communicate, to the user device, the received the authorization key.   
     
     
         5 . The data management server of  claim 1 , wherein the instructions, when executed by the processor, cause the data management server to:
 receive, from the security management server, an indication that the user authentication information is invalid; and   initiate, in response to the indication that the user authentication information is invalid, a system data access lockdown process.   
     
     
         6 . The data management server of  claim 5 , wherein the system data access lockdown process comprises a global reset of the user authorization keys associated with the data envelope. 
     
     
         7 . The data management server of  claim 5 , wherein the instructions, when executed by the processor, cause the data management server to:
 allow users already accessing data via the data envelope continued access to the associated data; and   prevent access to the data from additional users.   
     
     
         8 . A system comprising:
 A data management server comprising:
 a processor; and 
 a non-transitory memory device storing instructions that, when executed by the processor, cause the data management server to:
 receive, via a network connection from a user device, a request for access to data stored on an organization's network, the request for access comprising user authentication information; 
 upon validation of the user authentication information by a security management server, provide access to data via a secured data container of a data envelope corresponding to the data, wherein the data container corresponds to the validated user authentication information; 
 
 monitor, via a network connection, information associated with the user posted on one or more publically accessible information sources for an indication of improper use of secured information associated with the data stored on the organization's network; and
 initiate, in response to the indication of improper use, a system data access lockdown process. 
 
   
     
     
         9 . The system of  claim 8 , comprising the security management server communicatively coupled to the data management server. 
     
     
         10 . The system of  claim 8 , wherein the user device is located remotely from the organization's network. 
     
     
         11 . The system of  claim 8 , wherein the network connection comprises one of an Internet connection or a telecommunications network. 
     
     
         12 . The system of  claim 8 , wherein the instructions, when executed by the processor, cause the data management server to:
 identify, from the received request for access to data stored on the organization's network, whether or not the request is a first request to access the data;   receive, from the security management server upon validation of the first request, an authorization key to data corresponding to a lowest access level tier; and   communicate, to the user device, the received the authorization key.   
     
     
         13 . The system of  claim 8 , wherein the instructions, when executed by the processor, cause the data management server to:
 receive, from the security management server, an indication that the user authentication information is invalid; and   initiate, in response to the indication that the user authentication information is invalid, a system data access lockdown process.   
     
     
         14 . The system of  claim 13 , wherein the system data access lockdown process comprises a global reset of the user authorization keys associated with the data envelope. 
     
     
         15 . The system of  claim 13 , wherein the instructions, when executed by the processor, cause the data management server to:
 allow users already accessing data via the data envelope continued access to the associated data; and   prevent access to the data from additional users.   
     
     
         16 . The system of  claim 8 , further comprising a data server; and
 wherein the instructions, when executed by the processor, cause the data management server to:
 receive a request for data access via the data container of the data envelope; 
 communicate the data request to the data server; 
 receive a response from the data server; and 
 communicate, via the data container the response received from the data server. 
   
     
     
         17 . A method comprising:
 receiving, at a data management server via a network connection from a user device, a request for access to data stored on an organization's network;   communicating, to a security management server, user authentication information associated with the received request;   upon validation of the user authentication information by the security management server, provide access to data via a secured data container of a data envelope corresponding to the data, wherein the data container corresponds to the validated user authentication information;   monitoring, via a network connection, information associated with the user posted on one or more publically accessible information sources for an indication of improper use of secured information associated with the data stored on the organization's network; and   initiating, in response to the indication of improper use, a system data access lockdown process.   
     
     
         18 . The method of  claim 17 , comprising:
 receiving, at the data management server, a request for data access via the data container of the data envelope, wherein the request includes an authentication key;   communicating, upon validation of the authentication key, the data request to a data server;   receiving, at the data management server, a response from the data server; and   communicating, via the data container of the data envelope, the response received from the data server.   
     
     
         19 . The method of  claim 17 , comprising:
 identifying, by the security management server based on the received request for access to data stored on the organization's network, whether or not the request is a first request to access the data;   validating, by the security management server, the first request, an authorization key to data corresponding to a lowest access level tier; and   communicating, to the user device, the received the authorization key.   
     
     
         20 . The method of  claim 17 , wherein the data envelope comprises a plurality of data containers, wherein each data containers corresponds to a different access tier including a first access tier corresponding at least a first data access tier comprising a secure level access permissions level and a second access tier level comprising a public level access permissions level.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.